Skip to content
Log In

Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4

Rules, Groups, and Values defined within the XCCDF Benchmark

  • This is a helper rule to fetch the required api resource for detecting HyperShift OCP version

    no description
    Rule Medium Severity
    Show

  • This is a helper rule to fetch the required api resource for detecting OCP version

    no description
    Rule Medium Severity
    Show

  • Kubernetes Kubelet Settings

    The Kubernetes Kubelet is an agent that runs on each node in the cluster. It makes sure that containers are running in a pod. The kubelet takes a set of PodSpecs that are provided through various ...
    Group
    Show

  • Configure Kubelet Event Limit

    Maximum event creations per second.
    Value
    Show

  • Configure Kubelet EvictionHard Image FS Available

    Image FS Available for the EvictionHard threshold to trigger.
    Value
    Show

  • Configure Kubelet EvictionHard Image FS inodes Free

    Image FS inodes Free for the EvictionHard threshold to trigger.
    Value
    Show

  • Configure Kubelet EvictionHard Memory Available

    Memory Available for the EvictionHard threshold to trigger.
    Value
    Show

  • Configure Kubelet EvictionHard NodeFS Available

    Node FS Available for the EvictionHard threshold to trigger.
    Value
    Show

  • Configure Kubelet EvictionHard Node FS inodes Free

    Node FS inodes Free for the EvictionHard threshold to trigger.
    Value
    Show

  • Configure Kubelet EvictionSoft Image FS Available

    Image FS Available for the EvictionSoft threshold to trigger.
    Value
    Show

  • Configure Kubelet EvictionSoft Image FS inodes Free

    Image FS inodes Free for the EvictionSoft threshold to trigger.
    Value
    Show

  • Configure Kubelet EvictionSoft Memory Available

    Memory Available for the EvictionSoft threshold to trigger.
    Value
    Show

  • Configure Kubelet EvictionSoft NodeFS Available

    Node FS Available for the EvictionSoft threshold to trigger.
    Value
    Show

  • Configure Kubelet EvictionSoft Node FS inodes Free

    Node FS inodes Free for the EvictionSoft threshold to trigger.
    Value
    Show

  • Configure Kubelet use of the Strong Cryptographic Ciphers

    Cryptographic Ciphers Available for Kubelet, separated by comma
    Value
    Show

  • Configure Kubelet use of the Strong Cryptographic Ciphers

    Cryptographic Ciphers Available for Kubelet
    Value
    Show

  • Configure Kubelet to use secure TLS version

    Secure version of TLS available for configuring Kubelet
    Value
    Show

  • Configure Kubelet to use secure TLS version

    TLS versions available for configuring Kubelet, excluding insecure versions
    Value
    Show

  • Ensure authorization is set to Webhook

    Unauthenticated/unauthorized users should have no access to OpenShift nodes. The Kubelet should be set to only allow Webhook authorization. To ensure that the Kubelet requires authorization, valida...
    Rule Medium Severity
    Show

  • kubelet - Configure the Client CA Certificate

    By default, the kubelet is not configured with a CA certificate which can subject the kubelet to man-in-the-middle attacks. To configure a client CA certificate, edit the kubelet configuration fil...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules